In the past, I just had to worry about a not-so-great login credential (e.g. TomTees/MyFavoritePassword)

But now that I am adding FDE, a Personal VPN, and a Hotspot things just got much more complicated!!

Others have recommended using one of those "digital keychains", but I believe they are stored in RAM, and so if someone ever attacked my laptop's memory (e.g. when I go to the restroom at McDonalds) then I'd really be screwed!!!

I am trying to be smarter about this topic, but it has been hard enough for me to remember one new "Pass-Phrase", let alone new Usernames and Pass-Phrases for 4 or more accounts...

Keeping things out of RAM is not going to leave you with a very usable system

If someone has that kind of access to your system, you're pretty much hosed anyway. Who cares about scraping RAM for the encryption key when they can just wait and key-log you?

If you want to completely separate it, store it on something like your smartphone. There are tons of apps like 1Password. I sync for convenience, but you could leave it only on your mobile device, assuming you're comfortable with the level of authentication for that device.

For #3 you're just going to have to get demos, experiment, and see what works for you.

I use a few different usernames (i.e. financial institutions are different than forums), but I don't do anything stupid like choose a username of d23aXalx. You need to find a balance between security and usability, and most people can't keep up with passwords, let alone what would effectively be doubling that effort.

ajohnson wrote: Keeping things out of RAM is not going to leave you with a very usable system

You think?! Ha ha.

ajohnson wrote: If someone has that kind of access to your system, you're pretty much hosed anyway. Who cares about scraping RAM for the encryption key when they can just wait and key-log you?

I suppose.

ajohnson wrote: If you want to completely separate it, store it on something like your smartphone. There are tons of apps like 1Password. I sync for convenience, but you could leave it only on your mobile device, assuming you're comfortable with the level of authentication for that device.

I guess my point was "committing things to human memory" vs. "relying on technology to help you remember things"

ajohnson wrote: I use a few different usernames (i.e. financial institutions are different than forums), but I don't do anything stupid like choose a username of d23aXalx.

You lost me there on d23aXalx...

So it sounds like you have maybe two sets of Usernames: Important ones and Casual Ones?

But is it a sin to re-use Usernames between Accounts?

For example, could I have the same Username for my MacBook and WiTopia log-ins?

(BTW, I assume using your E-mail or LastName-FirstInitial for a username isn't such a good idea, right?)

ajohnson wrote: You need to find a balance between security and usability, and most people can't keep up with passwords, let alone what would effectively be doubling that effort.

True.

ajohnson wrote: You should go through a resource like this and develop a decent foundation; you really just seem to be cherry-picking random items to "secure" and not focusing on a comprehensive approach to security: http://www.amazon.com/Network-Security- ... rity+bible

Hey, I know next to nothing about computer networking or security?!

I'm just going on what I read and others say is important, and then coming to places like here, and asking experts how to do various things.

I would love to learn about Security in a more structured way, but my #1 goal right now is *securing* the new laptop I hope to buy soon...

TomTees wrote: Hey, I know next to nothing about computer networking or security?!

I'm just going on what I read and others say is important, and then coming to places like here, and asking experts how to do various things.

I would love to learn about Security in a more structured way, but my #1 goal right now is *securing* the new laptop I hope to buy soon...

Please don't take this the wrong way, but to be completely candid: if you really cared, you'd spend ~$30 on a book and at least skim it and/or use it as a reference for specific topics.

My exact point is that you're not going to properly secure anything, including your laptop, unless you take the time to learn what the common threats are and how to mitigate them. I'm using arbitrary numbers here, but doing really well in three areas and neglecting twelve others isn't going to do you much good overall. "Security" means different things to different people, and unless you take the time to figure out what it means to you, you're not going to go about it in an efficient or effective manner.

ajohnson wrote: Please don't take this the wrong way, but to be completely candid: if you really cared, you'd spend ~$30 on a book and at least skim it and/or use it as a reference for specific topics.

Hey, I never said I wouldn't do that.

ajohnson wrote: My exact point is that you're not going to properly secure anything, including your laptop, unless you take the time to learn what the common threats are and how to mitigate them. I'm using arbitrary numbers here, but doing really well in three areas and neglecting twelve others isn't going to do you much good overall. "Security" means different things to different people, and unless you take the time to figure out what it means to you, you're not going to go about it in an efficient or effective manner.

I appreciate your candor, but let me counter...

I will be getting a new laptop in the next week and will start using it.

There is no way I can buy, read, and apply a 400 page+ book in that time.

So I am trying to secure things which I know are needed and important up front (e.g. FDE and strong Pass-Phrases).

I realize that in an ideal world I'd go off to the mountain top, study up on everything for a month or two, and then come back and apply everything. But like people in most situations, that isn't an option.

Like most things, my suspicion is that the 80/20 rule applies here... 80% of the security can likely be covered in 20% of the things.